Introduction to Web Application Security Course

This course gives you an overview of the most important security concerns in web applications, and how to deal with them. You will learn how and why web apps are vulnerable. The course will cover the top 10 vulnerabilities, based on the Open Web Application Security Project. You will learn what each vulnerability is, and the best approach to counter the risk. This course does not focus on any particular programming language.


Audience: Is This The Right Course For Me?

You should attend the Web Application Security course if:

  • You are a web application developer, and you need to write secure applications.
  • You are a manager and you want to reduce your organisation's vulnerability to security attacks.
  • You are a network or server engineer, and you are responsible for application security.

Prerequisites: Am I Ready For The Course?

Before you attend the Web Application Security course, you should have some technical background and a basic understanding of web applications.

Please check that you meet the prerequisites for this course before you attend. Read about the importance of course prerequisites to understand why this is necessary.

If you are not sure which is the right course for you, please call us. We will be happy to advise you, based on your training goals and your experience.

Objectives: What Will I Learn?

After you have completed the Web Application Security course, you will:

  • Understand the concepts and terminology used in web security.
  • Be aware of the global organisations and standards that focus on web application security.
  • Know what the most important vulnerabilities are, and what countermeasures to take.
  • Know what is required to implement a secure development approach.
  • Be aware of best practices and secure design principles for development.

Download the Introduction to Web Application Security course contents in PDF format

Technical Contents: What Does The Course Cover?

  • Case studies and statistics.
  • Introduction to web applications.
  • Basics of web application architecture.
  • Application security risks.
  • Attack vectors.
  • Threat agents.
HTTP Protocol
  • HTTP protocol basics.
  • HTTP response headers.
  • HTTP versus HTTPS.
  • HTTP Strict Transport Security (HSTS).
  • X-Frame-Options.
  • X-XSS-Protection.
  • X-Content-Type-Options.
  • Content-Security-Policy.
  • Referrer-Policy.
  • Expect-CT.
Global Organisations, Standards and Frameworks
  • The Web Application Security Consortium (WASC).
  • The Open Web Application Security Project (OWASP).
  • The National Institute of Standards and Technology (NIST).
  • The Common Weakness Enumeration (CWE) category system.
  • The SysAdmin, Audit, Network, Security (SANS) Institute.
Fundamentals of a Secure Environment
  • CIA: Confidentiality, integrity, availability.
  • Policies and standards.
  • Acquiring secure software.
  • Training.
  • Secure architecture.
  • Physical security.
  • Introduction to secure SDLC.
Common Attack Categories
  • Insecure interaction between components.
  • Risky resource management.
  • Porous defences.
OWASP Top 10 Web Application Vulnerabilities
  • Injection.
  • Broken authentication and session management.
  • Sensitive data exposure.
  • XML external entity (XXE).
  • Broken access control.
  • Security misconfiguration.
  • Cross-site scripting (XSS).
  • Insecure deserialization.
  • Using components with known vulnerabilities.
  • Insufficient logging & monitoring.
  • Definitions, explanations and examples.
  • Countermeasures.
Other Common Vulnerabilities
  • Clickjacking.
  • Cross-Site Request Forgery (CSRF).
  • Server Side Request Forgery (SSRF).
  • Definitions, explanations and examples.
  • Countermeasures.
Testing and Monitoring
  • Static application security testing.
  • Dynamic application security testing.
  • Interactive application security testing.
  • Runtime application self-protection.
  • Monitoring tools.
Secure Development Approach
  • The secure SDLC.
  • Threat modelling.
  • Source code review.
  • Common dangerous programming practices.
  • Common development mistakes.
Secure Design Principles and Best Practices
  • Defense in depth.
  • Fail safe.
  • Least privilege.
  • Separation of duties.
  • Economy of mechanism.
  • Complete mediation.
  • Open design.
  • Least common mechanism.
  • Psychological acceptability.
  • Weakest link.
  • Leveraging existing components.

Testimonials: What Other Delegates Say About This Course

This is a new course.

To get an idea of the quality you can expect, look at the testimonials for other related courses that we offer.

Price: R5,500.00 excluding VAT per delegate.

This price includes everything that you need:

  • All course material, provided in an electronic format.
  • An attendance certificate after the course, in PDF format.
  • A voucher to re-attend the course for a minimal fee within 6 months.

All you have to bring to the course is the desire to learn.

To support the economy during the pandemic, we have not increased prices in 2021.

Duration: 2 days. Courses are presented from 08:30 to 16:30.
Location: Due to COVID-19, all courses will be presented virtually.
Date: Please check the course schedule for the next date.
You can also contact us at tel: (+27) 12-666-2020 or cell/WhatsApp: (+27) 76-694-7705, or email us at to find out about dates that suit you.

How do I book?

It's easy to book: just email us at

You can also fill in our course enrolment form (editable PDF file) and email it to (Type in the information; if your PDF reader won't save it, just print it to PDF. Then email the completed form to us.)

After we have received your booking, we will confirm that you are booked, and we'll send you an invoice.